Integrate with Office 365/ Microsoft

Hello,

I am testing login with a Microsoft account.

I have made an app on the Microsoft app portal.
When I try to log in using the Microsoft app key and secret, I get the following error.

KeyError: 'Decoder failed to handle access_token with data as returned by provider. A different decoder may be needed. Provider returned: {"token_type":"Bearer","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ikd2blBBcGZXTWRMUmk4UERtaXNGbjdicHJLZyJ9.eyJ2ZMSwibm9uY2UiOiI4ODcxMjMxMjg4OTgxMzIiLCJuYW1lIjoic2FtYmhhamkga29sYXRlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoic2FtYmhhamkua29sYXRlQGhvdG1haWwuY29tIiwic3ViIjoiQUFBQUFBQUFBQUFBQUFBQUFBQUFBRkhLdERRR0RBMy0xTEtEWlk1RFpzTSIsInRpZCI6IjkxODgwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCJ9.zPLfhhbnVj0DdTFPloJ7XtrmAbHv2fUDpbZ2vZryM340kA0TjvWHltwvdamerOf7-3wG7X3uJCENEr_DaISrRDhz8F7D1-c_GqBkZUBQP6-5-qG57ZE0cKr-7-nNbil2qUlS8JZAvuPLh2yz_fGqx2jLEUTmkEJdKq8B4fsu0qk"}'

I am using the existing rauth function in frappe.
I am getting the error at this line; can anyone help me?

Thanks,
Sambhaji

@kolate_sambhaji, welcome to the “oAuth from hell” my friend!

You need to create a flow in oauth.py to support the Micro$oft flow in OAuth!

Hello @max_morais_dmm

I am getting the following two problems.

  1. I am not able to use session = flow.get_auth_session(**args), so I am using get_raw_access_token.
    Reference: Suggestion: GooglePlus OAuth ID Token handling · Issue #177 · litl/rauth · GitHub

  2. Microsoft OAuth sends the response as an encrypted JWT, and the JSON decoder is not working for Microsoft; also, the RS256 algorithm is not supported by the python-jwt decoder.

I faced a similar problem recently;
things mentioned here solved my problem:

session = frappe_oauth_server.get_auth_session(data=data,decoder=json.loads)

Thanks @revant_one I will check this

For now I have added code to decode response using jwt.

My code is

import json
import jwt  # PyJWT

if provider == "microsoft":
    # Microsoft returns a JSON body carrying a JWT id_token, so read the raw response
    session = flow.get_raw_access_token(**args)
    parsed_access = json.loads(session.content.decode('utf-8'))
    m_token = parsed_access['id_token']
    # verify=False: the claims are read without checking the token's signature
    id_token = jwt.decode(m_token, verify=False)
    # info = session.get(api_endpoint).json()
    info = {"email": id_token["preferred_username"], "id": id_token["preferred_username"], "token": "8a986a1dd5b044e972584c0aff9a7608c71706168e130a6c92bcab68", "site": "http://localhost:9090"}
    login_oauth_user(data=info, provider=provider, email_id=id_token["preferred_username"])
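
An added example, not code from this thread or from frappe: the snippet above reads `preferred_username` from the `id_token` with `verify=False`, so nothing checks who signed the token. The sketch below shows the checks a verified decode performs (RS256 signature against the provider's published JWKS, then `iss`, `aud`, `exp` and `nonce`) using only the standard library. `verify_id_token`, `expected_em` and their parameters are hypothetical names, and a maintained JWT library would normally do this work.

```python
import base64, hashlib, hmac, json, time

# DER prefix of the SHA-256 DigestInfo (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def expected_em(signing_input, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(signing_input) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_id_token(token, jwks, issuer, audience, nonce, now=None):
    """Return the claims only if signature, iss, aud, exp and nonce all check out.

    jwks is the provider's published key set (assumed fetched over HTTPS and cached).
    """
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "RS256":  # the token must not pick its own algorithm
        raise ValueError("unexpected alg")
    key = next((j for j in jwks["keys"] if j.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("unknown kid")
    n = int.from_bytes(b64url_decode(key["n"]), "big")
    e = int.from_bytes(b64url_decode(key["e"]), "big")
    k = (n.bit_length() + 7) // 8
    sig = b64url_decode(sig_b64)
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("bad signature length")
    # RSA verification: s^e mod n must equal the padded hash of header.payload
    em = pow(s, e, n).to_bytes(k, "big")
    if not hmac.compare_digest(em, expected_em(f"{header_b64}.{payload_b64}".encode(), k)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    aud = claims.get("aud")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    if claims.get("nonce") != nonce:  # ties the token to this login attempt
        raise ValueError("nonce mismatch")
    return claims
```

Only the claims returned by a call like this would be passed on to `login_oauth_user`; a token whose payload was edited after signing fails at the signature step.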

@revant_one @kolate_sambhaji were either of you able to get Authentication with a Microsoft account working?

I’m trying to use Azure AD as my user account source (SAML/Oauth2?) and log in to ERPNext - any assistance/guide on getting this working would be very much appreciated!

Thank you guys for your time and effort put into this.

@eleben I have working code, you can check.
I have an issue with the access token, as it's encrypted, so the code is not merged with core.
You can check my above comment for code.

@kolate_sambhaji So if I drop the code from your post on Oct 16 2016 into the oauth.py file and add microsoft as a provider with the appropriate info to the same file I’m able to use Microsoft as my IDP?

When you say issue with access token are you saying it is a security issue if someone uses your code above or there is an issue with authentication because it is encrypted?

Thank you!

I created the following issue:

https://github.com/frappe/frappe/issues/4496

If there are many providers, then users should be able to add providers.
Known providers can be fixtures.